PCanywhere...Nat or port forwarding or both?...Im confused :(

We use PCanywhere to remotely look after one of our servers which works fine. I forward the ports from my netgear router to the server and open the ports on our ISA server (installed on our only server W2K 2 network cards one LAN side one WAN side)...works a treat.

However we now need to install pcanywhere on a PC on the LAN side and I cant work out how to get to it! (remotely)....If I open a different set of ports on the router I cant forward them to the PC because its on the lan side of the server. How can I get to it???? it has to pass through the server (W2K with ISA) and then forward on to the PC. Now this is where Im confused..I know the RRAS has some kind of NAT bit in it...so do I need to forward the ports again to the PC???....Ive got a headache now.

I would suggest that you really reconsider using PCA to remotely manage your Servers....not the most secure way to do it. We decided to use GoToMyPC on our servers because it does not require any port forwarding...the traffic is encrypted....the response time is much better and I can manage as many or as few PC's and servers as I want from anywhere I need.

The other advantage is you can access these servers from anywhere...if you were at your friends house and needed to check on them....you could, without any software. It is also 100% secure, with no risk to your servers or your LAN.

On your router, you should have the ability to set up a reverse proxy, sometimes called a conduit or virtual server. That means that an address on the outside of the device maps to an address on the inside of the device. You can usually choose between configuring it to allow all ports in, or just some. You want just some, if possible.

So, what you want to do is this. On your router, set up a conduit between the WAN IP and Server NIC2 (192.168.0.2). For that conduit, allow the PCAnywhere ports to pass. (5631 and 5632). That will get you to the ISA Server.

From the ISA server, set up the filter (conduit) for the workstation (10.0.0.15) as outlined in the above link.

That should get you there. The person on the outside will set PCAnywhere to connect to the WAN IP address. The router will forward that to the ISA server and the ISA server will forward that to the PC. Should work fine.

agreed too. IMO, i think NeilDavis may try one or all of the following methods:

1. change default listening port of pcanywhere, although it is not way to prevent risk at all, at least it is a trick to prevent newbies. ;-)
2. use VPN. of course, it needs a lot for both remote side and internal side, but the outcome should be much safe.

as for MSKB Q304350, it is for pcAnywhere Hosted on ISA Server 2000, not for those PCs behind the ISA, to do for the 2nd scenario, the following KB articles are helpful although they are not for pcanywhere directly (just replace the port number of TS to those of pcanywhere):

bbao \ Robing66066 \ and everyone. All the MS docs Ive read including those above assume you are trying to get to your server and no further...294720 starts....

"This article describes how to Server Publish a Windows 2000 Terminal Server on a private Intranet to the Internet via Internet Security and Acceleration Server (ISA) where the ISA server is also running Terminal Server"

Where the ISA is also running terminal server...eg on the same box.

As it stands we have one w2k server that runs ISA server on it as well. I can already get to this and dont use the standard tcp \ udp port config for pcany. I just cant get past it....maybe it cant be done.

"In the IP address of internal server field, enter the IP address of the internal server. If you want this rule to enable Terminal Server Access to the ISA server, type its Internal IP address. If this is for another computer *behind* the ISA server on the LAN, type that computer's IP address."

I think that should get you through it. To test, start by publishing the PCAnywhere machine on the ISA server. Place a PCAnywhere client in front of the ISA server and see if you can get through. Then configure your outside router. Place a PCAnywhere client in front of that and see if you can get through.

Sorry for the confusion. That should work now... (Sure hope so anyway! Whew!)

Featured Post

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Hi All,
Recently I have installed and configured a Sonicwall NS220 in the network as a firewall and Internet access gateway. All was working fine until users started reporting that they cannot use the Cisco VPN client to connect to the customer'…

If you're not part of the solution, you're part of the problem.
Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet. Use PRTG Network Monitor as one of the building blocks, to detect unusual…

Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually.
After setting up a router, find the network security…

After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…